Re: OS Fingerprints

[BSK <bishan4u () yahoo co uk>]

Thanks for the email Sumit.
 
> i dont think ttl value is used now a days for OS
> fingerprinting.

Well don't know much about that but I still use it.

> Eg. u can differentitate only betweena windows
> machine and a linux machine
> based on ttl value,but if u have to differentiate
> say between different
> kernals then ttl field wont help. Also remember the

You can differentiate between linux kernels too.
Redhat 9 has a ttl of 64 but the kernel-2.4.xx used
255. I don't have the exact details but got it
verified from one of the docs whose link was sent
earlier in a reply.

> ttl value which u will
> get will be (ttl returned by machine (minus)- no. of
> routers in between),
> that is the reason why ttl field cant be used for
> fingerprinting.

Using traceroute you can always get the exact ttl
value. Thats how I do it. Add ttl with double the
number of hops found between the source and
destination.




                
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. 
http://uk.security.yahoo.com

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------